package top.shaozuo.simple.security.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
@Order(2)
public class WebSecurityConfigurer1 extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		System.out.println(http);
		http.authorizeRequests().anyRequest().authenticated().and().formLogin()
		        .loginProcessingUrl("/login").permitAll().and().csrf().disable(); // 关闭csrf

	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.inMemoryAuthentication()
		        // 定义加密方式，不然启动不了
		        .passwordEncoder(new BCryptPasswordEncoder())
		        // 设置用户名
		        .withUser("admin")
		        // 设置密码（密文密码）
		        .password(new BCryptPasswordEncoder().encode("123456"))
		        // 设置角色，不设置启动不了
		        .roles("");
	}
}